Login

GLSA-200608-26 : Wireshark: Multiple vulnerabilities

Medium Nessus Plugin ID 22288

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200608-26 (Wireshark: Multiple vulnerabilities) The following vulnerabilities have been discovered in Wireshark. Firstly, if the IPsec ESP parser is used it is susceptible to off-by-one errors, this parser is disabled by default; secondly, the SCSI dissector is vulnerable to an unspecified crash; and finally, the Q.2931 dissector of the SSCOP payload may use all the available memory if a port range is configured. By default, no port ranges are configured. Impact : An attacker might be able to exploit these vulnerabilities, resulting in a crash or the execution of arbitrary code with the permissions of the user running Wireshark, possibly the root user. Workaround : Disable the SCSI and Q.2931 dissectors with the 'Analyse' and 'Enabled protocols' menus. Make sure the ESP decryption is disabled, with the 'Edit -> Preferences -> Protocols -> ESP' menu.